initial add for xbackbone (#507)

* ombi: remove mariadb dep

* remove mariadb from values

.github/workflows/charts-lint-test.yaml

@@ -1,6 +1,10 @@
-name: Lint and Test Charts
+name: "Charts: Lint and test"
 
-on: pull_request
+on: 
+  pull_request:
+    paths:
+    - 'charts/**'
+    - '!charts/**/README.md'
 
 jobs:
   lint:

.github/workflows/charts-release.yaml

@@ -1,11 +1,12 @@
-name: Release Charts
+name: "Charts: Release"
 
 on:
   push:
     branches:
       - master
     paths:
-      - "charts/**"
+      - 'charts/**'
+      - '!charts/**/README.md'
 
 jobs:
   pre-release:

README.md

@@ -1,9 +1,11 @@
 # k8s@Home collection of helm charts
 
-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Discord](https://img.shields.io/badge/discord-chat-7289DA.svg)](https://discord.com/invite/7PbmHRK)
 [![](https://github.com/k8s-at-home/charts/workflows/Release%20Charts/badge.svg?branch=master)](https://github.com/k8s-at-home/charts/actions)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
 ## Usage
 
 [Helm](https://helm.sh) must be installed to use the charts.
@@ -19,7 +21,18 @@ You can then run `helm search repo k8s-at-home` to see the charts.
 
 ## Charts
 
-See [artifact hub](https://artifacthub.io/packages/search?org=k8s-at-home) for a complete list.
+See [Artifact Hub](https://artifacthub.io/packages/search?org=k8s-at-home) or [charts](./charts/) for a complete list.
+
+## Common Library
+
+The majority of the charts in this repository are using a common library we built. The reason we went with this pattern is a lot of applications are pretty similar in their requirements for Helm charts. Using a library makes maintaining much easier and keeps charts consistent in features. If contributing a new chart first try to make it using the library we built.
+
+More information can be found [here](https://github.com/k8s-at-home/charts/tree/master/charts/common).
+
+## Support
+
+- Having problems with a chart or have a feature request? Open a new [issue](https://github.com/k8s-at-home/charts/issues/new/choose).
+- New idea? Discuss [here](https://github.com/k8s-at-home/charts/discussions) or in our [Discord](https://discord.gg/sTMX7Vh) in the `#charts` channel.
 
 ## Contributing
 

charts/alertmanager-bot/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.4.2
 description: Bot for Prometheus Alertmanager
 name: alertmanager-bot
-version: 2.3.0
+version: 2.3.1
 keywords:
   - alertmanager
   - telegram
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/appdaemon/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.5
 description: AppDaemon is a loosely coupled, multi-threaded, sandboxed python execution environment for writing automation apps for various types of Home Automation Software including Home Assistant and MQTT.
 name: appdaemon
-version: 2.3.0
+version: 2.3.1
 keywords:
   - appdaemon
   - home-automation
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/bazarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.9.0.5
 description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
 name: bazarr
-version: 5.3.0
+version: 5.3.1
 keywords:
   - bazarr
   - radarr
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/bitwardenrs/Chart.yaml

@@ -2,15 +2,15 @@ apiVersion: v2
 name: bitwardenrs
 description: Unofficial Bitwarden compatible server written in Rust
 type: application
-version: 1.0.1
-appVersion: 1.16.3
+version: 2.0.0
+appVersion: 1.18.0
 keywords:
   - bitwarden
   - bitwardenrs
   - bitwarden_rs
   - password
   - rust
-home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
 sources:
   - https://github.com/dani-garcia/bitwarden_rs
 maintainers:

charts/bitwardenrs/README.md

@@ -46,3 +46,13 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 helm install bitwarden k8s-at-home/bitwardenrs  --values values.yaml 
 ```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.1.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 1.x.x to 2.x.x
+
+Chart version 2.0.0 introduces external database support.
+ * No actions required to continue with the default sqlite backend.
+ * Refer to the `bitwardenrs.externalDatabase` section of [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) to configure MySQL or PostgreSQL database backends.

charts/bitwardenrs/templates/_database.tpl

@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate environment variables for external database
+*/}}
+{{- define "bitwardenrs.externalDatabaseConfigMap" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if and (not .existingSecret.enabled) .user }}
+DATABASE_USER: {{ .user | quote }}
+{{- end }}
+{{- if and (not .existingSecret.enabled) .password }}
+DATABASE_PASSWORD: {{ .password | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "bitwardenrs.externalDatabaseEnv" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if .existingSecret.enabled }}
+- name: DATABASE_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.userKey | quote }}
+- name: DATABASE_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.passwordKey | quote }}
+{{- end }}
+{{- $dbport := not (empty .port) | ternary (printf ":%v" .port) "" }}
+- name: DATABASE_URL
+  value: {{ printf "%v://$(DATABASE_USER):$(DATABASE_PASSWORD)@%v%v/%v" .type .host $dbport .database }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/bitwardenrs/templates/configmap.yaml

@@ -12,8 +12,8 @@ data:
   WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
   {{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
   DISABLE_ADMIN_TOKEN: "true"
-    {{- end }}
-    {{- with .Values.bitwardenrs.smtp }}
+  {{- end }}
+  {{- with .Values.bitwardenrs.smtp }}
   {{- if .enabled }}
   SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
   SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
@@ -31,6 +31,20 @@ data:
   {{- end }}
   {{- end }}
   {{- end }}
+  {{- with .Values.bitwardenrs.yubico }}
+  {{- if .enabled }}
+  {{- if .server }}
+  YUBICO_SERVER: {{ .server | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .clientId }}
+  YUBICO_CLIENT_ID: {{ .clientId | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .secretKey }}
+  YUBICO_SECRET_KEY: {{ .secretKey | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- include "bitwardenrs.externalDatabaseConfigMap" . | nindent 2 }}
   {{- if .Values.env }}
   {{- toYaml .Values.env | nindent 2 }}
   {{- end }}

charts/bitwardenrs/templates/deployment.yaml

@@ -54,11 +54,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -70,12 +70,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/templates/ingress.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "bitwardenrs.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
+{{- $websockets := .Values.bitwardenrs.websockets -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -36,6 +37,16 @@ spec:
             backend:
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+          {{- if $websockets.enabled }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $websockets.port }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort}}
+          {{- end }}
           {{- end }}
     {{- end }}
   {{- end }}

charts/bitwardenrs/templates/statefulset.yaml

@@ -55,11 +55,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -71,12 +71,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/values.yaml

@@ -14,6 +14,9 @@ fullnameOverride: ""
 bitwardenrs:
   domain: ""
   signupsAllowed: false
+  gui:
+    # If you set a different port here, you must also provide it under env
+    port: 80
   websockets:
     enabled: true
     port: 3012
@@ -24,6 +27,31 @@ bitwardenrs:
       enabled: false
       name: ""
       tokenKey: ""
+  # External database configuration.
+  # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
+  # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
+  #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
+  externalDatabase:
+    enabled: false
+    # Supported values: 'mysql', 'postgresql'.
+    type: ""
+    # Database host. Required if external database is enabled.
+    host: ""
+    # Database port. Optional, default value is specific to the database backend.
+    port: ""
+    # Database name.
+    database: ""
+    # Database user.
+    user: ""
+    # Database password. Special characters must be escaped with percent encoding.
+    password: ""
+    # Use existing secret for database credentials.
+    existingSecret:
+      enabled: false
+      name: ""
+      userKey: ""
+      # Special characters in the password value must be escaped with percent encoding.
+      passwordKey: ""
   # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
   smtp:
     enabled: false
@@ -47,8 +75,26 @@ bitwardenrs:
       name: ""
       userKey: ""
       passwordKey: ""
+  # Enable Yubikey 2FA: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
+  yubico:
+    enabled: false
+    # OTP verification server. Will use the default YubiCloud servers if not specified
+    server: ""
+    # API Client ID for OTP server. Ignored if existingSecret is provided.
+    clientId: ""
+    # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
+    secretKey: ""
+    # Use existing secret for API keys
+    existingSecret:
+      enabled: false
+      name: ""
+      clientIdKey: ""
+      secretKeyKey: ""
 
 env: {}
+# If you plan to run the WebUI on a port other than port 80, specify that here:
+# For example, if running the container as a non-root user.
+#  ROCKET_PORT: "80"
 
 persistence:
   type: statefulset

charts/blocky/Chart.yaml

@@ -1,11 +1,12 @@
 apiVersion: v2
-appVersion: v0.11
+appVersion: v0.12
 description: DNS proxy as ad-blocker for local network
 name: blocky
-version: 4.1.1
+version: 5.0.0
 keywords:
   - blocky
-  - dbs
+  - adblock
+  - dns
 home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
 icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
 sources:

charts/blocky/README.md

@@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 helm install --name blocky -f values.yaml k8s-at-home/blocky
 ```
 
+---
+
 ## Upgrading an existing Release to a new major version
 
 A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
@@ -72,3 +74,6 @@ kubectl delete svc/blocky
 
 This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
 
+### Upgrading from 4.x.x to 5.x.x
+
+Configuration inside `config` is no longer a yaml object, it is now a multiline string

charts/blocky/templates/configmap.yaml

@@ -9,12 +9,5 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-{{- if .Values.config }}
-{{ $root := . }}
   config.yml: |
-{{ tpl (toYaml .Values.config | indent 4) $root }}
-{{- end }}
-{{- range $name, $value := .Values.extraLists }}
-  {{ $name }}: |-
-{{ $value | indent 4}}
-{{- end }}
+{{ .Values.config | indent 4 }}

charts/blocky/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $blockyConfig := .Values.config | fromYaml }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,9 +46,9 @@ spec:
               subPath: {{ $name }}
               readOnly: true
             {{- end }}
-            {{- if .Values.config.queryLog }}
+            {{- if hasKey $blockyConfig "queryLog" }}
             - name: data
-              mountPath: {{ .Values.config.queryLog.dir }}
+              mountPath: {{ $blockyConfig.queryLog.dir }}
               {{- if .Values.persistence.subPath }}
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
@@ -96,7 +97,7 @@ spec:
                     - key: {{ $name }}
                       path: {{ $name }}
                   {{- end }}
-        {{- if .Values.config.queryLog }}
+        {{- if hasKey $blockyConfig "queryLog" }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/blocky/values.yaml

@@ -1,6 +1,6 @@
 image:
   repository: spx01/blocky
-  tag: v0.11
+  tag: v0.12
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -10,29 +10,30 @@ replicas: 1
 
 timeZone: "UTC"
 
-# blocky configuration - will translate to config.yml file inside the pod
-config:
+# Blocky configuration, for a full list of options see
+# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
+config: |
   upstream:
     # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
-    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
     externalResolvers:
-      - udp:8.8.8.8
-      - udp:8.8.4.4
-      - udp:1.1.1.1
-      - tcp-tls:1.0.0.1:853
-      - https://cloudflare-dns.com/dns-query
+      - 46.182.19.48
+      - 80.241.218.68
+      - tcp-tls:fdns1.dismail.de:853
+      - https://dns.digitale-gesellschaft.ch/dns-query
 
   # optional: custom IP address for domain name (with all sub-domains)
   # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
-  # customDNS:
-  #   mapping:
-  #     printer.lan: 192.168.178.3
+  customDNS:
+    mapping:
+      printer.lan: 192.168.178.3
 
-  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
   # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
-  # conditional:
-  #   mapping:
-  #     fritz.box: udp:192.168.178.1
+  conditional:
+    mapping:
+      fritz.box: udp:192.168.178.1
+      lan.net: udp:192.168.178.1,udp:192.168.178.2
 
   # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
   blocking:
@@ -46,77 +47,95 @@ config:
         - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
         - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
       special:
-        - https://hosts-file.net/ad_servers.txt
-    # definition of whitelist groups. Attention: if the same group has black and whitelists,
-    # whitelists will be used to disable particular blacklist entries. If a group has only
-    # whitelist entries -> this means only domains from this list are allowed,
-    # all other domains will be blocked.
-    # Also see the extraLists section below to add your own in-line whitelists
-    # whiteLists:
-    #   ads:
-    #     - whitelist.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
+    # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
+    whiteLists:
+      ads:
+        - whitelist.txt
     # definition: which groups should be applied for which client
     clientGroupsBlock:
       # default will be used, if no special definition for a client name exists
       default:
         - ads
         - special
-      # use client name or ip address
-      # laptop.fritz.box:
-      #   - ads
-
+      # use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
+      # or single ip address / client subnet as CIDR notation
+      laptop*:
+        - ads
+      192.168.178.1/24:
+        - special
     # which response will be sent, if query is blocked:
-    #   zeroIp: 0.0.0.0 will be returned (default)
-    #   nxDomain: return NXDOMAIN as return code
-    # blockType: zeroIp
-
+    # zeroIp: 0.0.0.0 will be returned (default)
+    # nxDomain: return NXDOMAIN as return code
+    # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
+    blockType: zeroIp
     # optional: automatically list refresh period in minutes. Default: 4h.
     # Negative value -> deactivate automatically refresh.
     # 0 value -> use default
-    # refreshPeriod: 1
+    refreshPeriod: 0
 
   # optional: configuration for caching of DNS responses
-  # caching:
-  #   # amount in minutes, how long a response must be cached (min value).
-  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
-  #   # Default: 0
-  #   minTime: 40
-  #   # amount in minutes, how long a response must be cached (max value).
-  #   # If <0, do not cache responses
-  #   # If 0, use TTL
-  #   # If > 0, use this value, if TTL is greater
-  #   # Default: 0
-  #   maxTime: -1
+  caching:
+    # amount in minutes, how long a response must be cached (min value).
+    # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+    # Default: 0
+    minTime: 5
+    # amount in minutes, how long a response must be cached (max value).
+    # If <0, do not cache responses
+    # If 0, use TTL
+    # If > 0, use this value, if TTL is greater
+    # Default: 0
+    maxTime: -1
+    # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
+    # this improves the response time for often used queries, but significantly increases external traffic
+    # default: false
+    prefetching: true
 
   # optional: configuration of client name resolution
-  # clientLookup:
-  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
-  #   upstream: udp:192.168.178.1
-  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
-  #   # Example: take second name if present, if not take first name
-  #   singleNameOrder:
-  #     - 2
-  #     - 1
+  clientLookup:
+    # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+    upstream: udp:192.168.178.1
+    # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+    # Example: take second name if present, if not take first name
+    singleNameOrder:
+      - 2
+      - 1
+    # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
+    clients:
+      laptop:
+        - 192.168.178.29
+
   # optional: configuration for prometheus metrics endpoint
-  prometheus:
-    # enabled if true
-    enable: true
-    # url path, optional (default '/metrics')
-    path: /metrics
+  # prometheus:
+  #   # enabled if true
+  #   enable: true
+  #   # url path, optional (default '/metrics')
+  #   path: /metrics
 
   # optional: write query information (question, answer, client, duration etc) to daily csv file
   # queryLog:
-  #     # directory (will be mounted as volume in the pod)
-  #     dir: /logs
-  #     # if true, write one file per client. Writes all queries to single file otherwise
-  #     perClient: true
-  #     # if > 0, deletes log files which are older than ... days
-  #     logRetentionDays: 7
+  #   # directory (should be mounted as volume in docker)
+  #   dir: /logs
+  #   # if true, write one file per client. Writes all queries to single file otherwise
+  #   perClient: true
+  #   # if > 0, deletes log files which are older than ... days
+  #   logRetentionDays: 7
 
-  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
+  port: 53
+  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
   httpPort: 4000
+  # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
+  #httpsPort: 443
+  # mandatory, if https port > 0: path to cert and key file for SSL encryption
+  #httpsCertFile: server.crt
+  #httpsKeyFile: server.key
+  # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
+  bootstrapDns: tcp:1.1.1.1
   # optional: Log level (one from debug, info, warn, error). Default: info
   logLevel: info
+  # optional: Log format (text or json). Default: text
+  logFormat: text
 
 ## Add persistence for query logs (if enabled)
 persistence:

charts/booksonic-air/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2009.1.0
 description: Booksonic is a platform for accessing the audibooks you own wherever you are
 name: booksonic-air
-version: 2.3.0
+version: 2.3.1
 keywords:
   - booksonic
   - audiobook
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/calibre-web/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.6.9
 description: Calibre-Web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
 name: calibre-web
-version: 4.3.0
+version: 4.3.1
 keywords:
   - calibre
   - ebook
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/common/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.1]
+
+### Fixed
+
+- Made explicit that `service.port.targetPort` cannot be a named port.
+
 ## [2.2.0]
 
 ### Added
@@ -53,6 +59,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face:
 
+[2.2.1]: https://github.com/k8s-at-home/charts/tree/common-2.2.1/charts/common
+
 [2.2.0]: https://github.com/k8s-at-home/charts/tree/common-2.2.0/charts/common
 
 [2.1.0]: https://github.com/k8s-at-home/charts/tree/common-2.1.0/charts/common

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 2.2.0
+version: 2.2.1
 keywords:
   - k8s-at-home
   - common

charts/common/templates/lib/controller/_ports.tpl

@@ -32,6 +32,9 @@ Ports included by the controller.
 ports:
 {{- range $_ := $ports }}
 - name: {{ .name }}
+  {{- if and .targetPort (kindIs "string" .targetPort) }}
+  {{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
+  {{- end }}
   containerPort: {{ .targetPort | default .port }}
   protocol: {{ .protocol | default "TCP" }}
 {{- end -}}

charts/common/values.yaml

@@ -107,8 +107,9 @@ service:
     ## name defaults to http
     name:
     protocol: TCP
-    ## targetPort defaults to the service name. If targetPort is specified, this port number
-    ## is used in the container definition instead of service.port.port.
+    ## Specify a service targetPort if you wish to differ the service port from the application port.
+    ## If targetPort is specified, this port number is used in the container definition instead of
+    ## service.port.port. Therefore named ports are not supported for this field.
     targetPort:
     ## Specify the nodePort value for the LoadBalancer and NodePort service types.
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

charts/couchpotato/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: CouchPotato (CP) is an automatic NZB and torrent downloader.
 name: couchpotato
-version: 4.3.0
+version: 4.3.1
 keywords:
   - couchpotato
   - usenet
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/dashmachine/Chart.yaml

@@ -4,7 +4,7 @@ description: DashMachine is another web application bookmark dashboard, with fun
 icon: https://github.com/rmountjoy92/DashMachine/raw/master/dashmachine/static/images/logo/logo.png
 home: https://github.com/rmountjoy92/DashMachine
 name: dashmachine
-version: 3.3.0
+version: 3.3.1
 sources:
   - https://github.com/rmountjoy92/DashMachine
 maintainers:
@@ -12,5 +12,5 @@ maintainers:
     email: ryan@ryanholt.net
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.2.1
     repository: https://k8s-at-home.com/charts/

charts/ddclient/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.9.1
 description: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Providers
 name: ddclient
-version: 2.3.0
+version: 2.3.1
 keywords:
   - ddclient
   - dns
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/deluge/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.0.3-2201906121747
 description: Deluge is a torrent download client
 name: deluge
-version: 1.1.0
+version: 1.1.1
 keywords:
   - deluge
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/dsmr-reader/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.9.0
 description: DSMR-protocol reader, telegram data storage and energy consumption visualizer.
 name: dsmr-reader
-version: 1.1.0
+version: 1.1.1
 keywords:
 - dsmr-reader
 - energy
@@ -17,7 +17,7 @@ maintainers:
 dependencies:
 - name: common
   repository: https://k8s-at-home.com/charts/
-  version: 2.2.0
+  version: 2.2.1
 - name: postgresql
   version: 10.2.0
   repository: https://charts.bitnami.com/bitnami

charts/esphome/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.15.3
 description: ESPHome is a system to control your ESP8266/ESP32 by simple yet powerful configuration files and control them remotely through Home Automation systems.
 name: esphome
-version: 4.3.0
+version: 4.3.1
 keywords:
   - esphome
   - home-automation
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/flaresolverr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/flaresolverr/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: v1.2.3
+description: FlareSolverr is a proxy server to bypass Cloudflare protection
+name: flaresolverr
+version: 1.0.0
+keywords:
+  - flaresolverr
+  - jackett
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flaresolverr
+sources:
+  - https://github.com/FlareSolverr/FlareSolverr
+  - https://hub.docker.com/r/flaresolverr/flaresolverr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/flaresolverr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/flaresolverr/README.md

@@ -0,0 +1,67 @@
+# FlareSolverr
+
+This is a helm chart for [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/flaresolverr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/flaresolverr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flaresolverr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install flaresolverr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/flaresolverr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install flaresolverr k8s-at-home/flaresolverr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/flaresolverr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/flaresolverr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/flaresolverr/values.yaml

@@ -0,0 +1,16 @@
+# Default values for FlareSolverr.
+
+image:
+  repository: flaresolverr/flaresolverr
+  pullPolicy: IfNotPresent
+  tag: v1.2.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 8191
+
+env: {}
+  # LOG_LEVEL: UTC

charts/flood/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.1.1
 description: Flood is a monitoring service for various torrent clients
 name: flood
-version: 2.3.0
+version: 2.3.1
 keywords:
   - flood
   - rtorrent
@@ -19,4 +19,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/freshrss/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.17.0
 description: FreshRSS is a self-hosted RSS feed aggregator
 name: freshrss
-version: 2.3.0
+version: 2.3.1
 keywords:
   - freshrss
   - rss
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/gaps/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: Gaps searches through your Plex Server or local folders for all movies, then queries for known movies in the same collection.
 name: gaps
-version: 1.1.0
+version: 1.1.1
 keywords:
   - plex
   - plex-media-server
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/grocy/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.7.1
 description: ERP beyond your fridge - grocy is a web-based self-hosted groceries & household management solution for your home
 name: grocy
-version: 4.3.0
+version: 4.3.1
 keywords:
   - grocy
 home: https://github.com/k8s-at-home/charts/tree/master/charts/grocy
@@ -14,5 +14,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.2.1
     repository: https://k8s-at-home.com/charts/

charts/heimdall/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.2.2
 description: An Application dashboard and launcher
 name: heimdall
-version: 4.2.0
+version: 4.2.1
 keywords:
   - heimdall
 home: https://github.com/k8s-at-home/charts/tree/master/charts/heimdall
@@ -15,5 +15,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.2.1
     repository: https://k8s-at-home.com/charts/

charts/home-assistant/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2020.12.1
 description: Home Assistant
 name: home-assistant
-version: 5.4.0
+version: 5.4.1
 keywords:
 - home-assistant
 - hass
@@ -19,7 +19,7 @@ maintainers:
 dependencies:
 - name: common
   repository: https://k8s-at-home.com/charts/
-  version: 2.2.0
+  version: 2.2.1
 - name: postgresql
   version: 10.2.0
   repository: https://charts.bitnami.com/bitnami

charts/homer/Chart.yaml

@@ -4,7 +4,7 @@ description: A dead simple static HOMepage for your servER to keep your services
 icon: https://raw.githubusercontent.com/bastienwirtz/homer/main/public/logo.png
 home: https://github.com/bastienwirtz/homer
 name: homer
-version: 2.3.0
+version: 2.3.1
 sources:
   - https://github.com/bastienwirtz/homer
 maintainers:
@@ -12,5 +12,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.2.1
     repository: https://k8s-at-home.com/charts/

charts/hyperion-ng/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0-alpha9
 description: Hyperion is an opensource Bias or Ambient Lighting implementation
 name: hyperion-ng
-version: 1.1.0
+version: 1.1.1
 keywords:
   - hyperion-ng
   - hyperion
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/icantbelieveitsnotvaletudo/README.md

@@ -1,6 +1,6 @@
 # I can't belive it's not Valetudo
 
-Map generation companion service for [Valetudo](valetudo.cloud)
+Map generation companion service for [Valetudo](https://valetudo.cloud/)
 
 ## TL;DR;
 

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.2106
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 6.3.0
+version: 6.3.1
 keywords:
   - jackett
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/jellyfin/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 10.6.4
 description: Jellyfin is a Free Software Media System
 name: jellyfin
-version: 4.3.0
+version: 4.3.1
 keywords:
   - jellyfin
   - plex
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.8.0.1886
 description: Looks and smells like Sonarr but made for music
 name: lidarr
-version: 6.3.0
+version: 6.3.1
 keywords:
   - lidarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/lychee/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.8
 description: Lychee is a free photo-management tool, which runs on your server or web-space
 name: lychee
-version: 2.3.0
+version: 2.3.1
 keywords:
   - lychee
   - photo
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/monica/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.19.1
 description: A Personal Relationship Management tool to help you organize your social life
 name: monica
-version: 2.4.0
+version: 2.4.1
 keywords:
   - crm
 home: https://www.monicahq.com/
@@ -16,7 +16,7 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1
   - name: mariadb
     version: 9.2.0
     repository: https://charts.bitnami.com/bitnami

charts/mosquitto/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "1.6.12"
+appVersion: "2.0.4"
 description: Eclipse Mosquitto - An open source MQTT broker
 name: mosquitto
-version: 0.5.0
+version: 0.7.0
 keywords:
   - message queue
   - MQTT

charts/mosquitto/templates/NOTES.txt

@@ -1,6 +1,6 @@
 ** Please be patient while the chart is being deployed **
 
-Mosquitto can be accessed within the cluster on port 1883 at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+Mosquitto can be accessed within the cluster on port {{ .Values.service.port }} at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
 
 To access for outside the cluster, perform the following steps:
 
@@ -26,13 +26,13 @@ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
 
 To Access the Moquitto port:
 
-    echo "URL : mqtt://$SERVICE_IP:1883/"
+    echo "URL : mqtt://$SERVICE_IP:{{ .Values.service.port }}/"
 
 {{- else if contains "ClusterIP"  .Values.service.type }}
 
 To Access the Mosquitto MQTT port:
 
-    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} 1883:1883
-    echo "URL : mqtt://127.0.0.1:1883/"
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }}
+    echo "URL : mqtt://127.0.0.1:{{ .Values.service.port }}/"
 
 {{- end }}

charts/mosquitto/templates/configmap.yaml

@@ -40,20 +40,6 @@ data:
     #per_listener_settings false
 
 
-    # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
-    # and foo/+/baz , then MQTT expects that when the broker receives a message on
-    # a topic that matches both subscriptions, such as foo/bar/baz, then the client
-    # should only receive the message once.
-    # Mosquitto keeps track of which clients a message has been sent to in order to
-    # meet this requirement. The allow_duplicate_messages option allows this
-    # behaviour to be disabled, which may be useful if you have a large number of
-    # clients subscribed to the same set of topics and are very concerned about
-    # minimising memory usage.
-    # It can be safely set to true if you know in advance that your clients will
-    # never have overlapping subscriptions, otherwise your clients must be able to
-    # correctly deal with duplicate messages even when then have QoS=2.
-    #allow_duplicate_messages false
-
     # This option controls whether a client is allowed to connect with a zero
     # length client id or not. This option only affects clients using MQTT v3.1.1
     # and later. If set to false, clients connecting with a zero length client id
@@ -120,12 +106,16 @@ data:
     # be queued until the first limit is reached.
     #max_queued_bytes 0
 
+    # Set the maximum QoS supported. Clients publishing at a QoS higher than
+    # specified here will be disconnected.
+    #max_qos 2
+
     # The maximum number of QoS 1 and 2 messages to hold in a queue per client
-    # above those that are currently in-flight.  Defaults to 100. Set
+    # above those that are currently in-flight.  Defaults to 1000. Set
     # to 0 for no maximum (not recommended).
     # See also queue_qos0_messages.
     # See also max_queued_bytes.
-    #max_queued_messages 100
+    #max_queued_messages 1000
     #
     # This option sets the maximum number of heap memory bytes that the broker will
     # allocate, and hence sets a hard limit on memory use by the broker.  Memory
@@ -164,7 +154,7 @@ data:
 
     # Write process id to a file. Default is a blank string which means
     # a pid file shouldn't be written.
-    # This should be set to /var/run/mosquitto.pid if mosquitto is
+    # This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
     # being run automatically on boot with an init script and
     # start-stop-daemon or similar.
     #pid_file
@@ -201,171 +191,15 @@ data:
     # When run as root, drop privileges to this user and its primary
     # group.
     # Set to root to stay as root, but this is not recommended.
+    # If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+    # then it will drop privileges to the "nobody" user instead.
     # If run as a non-root user, this setting has no effect.
-    # Note that on Windows this has no effect and so mosquitto should
-    # be started by the user you wish it to run as.
+    # Note that on Windows this has no effect and so mosquitto should be started by
+    # the user you wish it to run as.
     #user mosquitto
 
     # =================================================================
-    # Default listener
-    # =================================================================
-
-    # IP address/hostname to bind the default listener to. If not
-    # given, the default listener will not be bound to a specific
-    # address and so will be accessible to all network interfaces.
-    # bind_address ip-address/host name
-    #bind_address
-
-    # Port to use for the default listener.
-    #port 1883
-
-    # Bind the listener to a specific interface. This is similar to
-    # bind_address above but is useful when an interface has multiple addresses or
-    # the address may change. It is valid to use this with the bind_address option,
-    # but take care that the interface you are binding to contains the address you
-    # are binding to, otherwise you will not be able to connect.
-    # Example: bind_interface eth0
-    #bind_interface
-
-    # When a listener is using the websockets protocol, it is possible to serve
-    # http data as well. Set http_dir to a directory which contains the files you
-    # wish to serve. If this option is not specified, then no normal http
-    # connections will be possible.
-    #http_dir
-
-    # The maximum number of client connections to allow. This is
-    # a per listener setting.
-    # Default is -1, which means unlimited connections.
-    # Note that other process limits mean that unlimited connections
-    # are not really possible. Typically the default maximum number of
-    # connections possible is around 1024.
-    #max_connections -1
-
-    # Choose the protocol to use when listening.
-    # This can be either mqtt or websockets.
-    # Websockets support is currently disabled by default at compile time.
-    # Certificate based TLS may be used with websockets, except that
-    # only the cafile, certfile, keyfile and ciphers options are supported.
-    #protocol mqtt
-
-    # Set use_username_as_clientid to true to replace the clientid that a client
-    # connected with with its username. This allows authentication to be tied to
-    # the clientid, which means that it is possible to prevent one client
-    # disconnecting another by using the same clientid.
-    # If a client connects with no username it will be disconnected as not
-    # authorised when this option is set to true.
-    # Do not use in conjunction with clientid_prefixes.
-    # See also use_identity_as_username.
-    #use_username_as_clientid
-
-    # -----------------------------------------------------------------
-    # Certificate based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS
-    # is 8883, but this must be set manually.
-    #
-    # See also the mosquitto-tls man page.
-
-    # At least one of cafile or capath must be defined. They both
-    # define methods of accessing the PEM encoded Certificate
-    # Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
-
-    # Path to the PEM encoded server certificate.
-    #certfile
-
-    # Path to the PEM encoded keyfile.
-    #keyfile
-
-
-    # If you have require_certificate set to true, you can create a certificate
-    # revocation list file to revoke access to particular client certificates. If
-    # you have done this, use crlfile to point to the PEM encoded revocation file.
-    #crlfile
-
-    # If you wish to control which encryption ciphers are used, use the ciphers
-    # option. The list of available ciphers can be obtained using the "openssl
-    # ciphers" command and should be provided in the same format as the output of
-    # that command.
-    # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-    #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-
-    # To allow the use of ephemeral DH key exchange, which provides forward
-    # security, the listener must load DH parameters. This can be specified with
-    # the dhparamfile option. The dhparamfile can be generated with the command
-    # e.g. "openssl dhparam -out dhparam.pem 2048"
-    #dhparamfile
-
-    # By default a TLS enabled listener will operate in a similar fashion to a
-    # https enabled web server, in that the server has a certificate signed by a CA
-    # and the client will verify that it is a trusted certificate. The overall aim
-    # is encryption of the network traffic. By setting require_certificate to true,
-    # the client must provide a valid certificate in order for the network
-    # connection to proceed. This allows access to the broker to be controlled
-    # outside of the mechanisms provided by MQTT.
-    #require_certificate false
-
-    # This option defines the version of the TLS protocol to use for this listener.
-    # The default value allows all of v1.3, v1.2 and v1.1. The valid values are
-    # tlsv1.3 tlsv1.2 and tlsv1.1.
-    #tls_version
-
-    # If require_certificate is true, you may set use_identity_as_username to true
-    # to use the CN value from the client certificate as a username. If this is
-    # true, the password_file option will not be used for this listener.
-    # This takes priority over use_subject_as_username.
-    # See also use_subject_as_username.
-    #use_identity_as_username false
-
-    # If require_certificate is true, you may set use_subject_as_username to true
-    # to use the complete subject value from the client certificate as a username.
-    # If this is true, the password_file option will not be used for this listener.
-    # See also use_identity_as_username
-    #use_subject_as_username false
-
-    # -----------------------------------------------------------------
-    # Pre-shared-key based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable PSK based SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS is 8883, but
-    # this must be set manually.
-    #
-    # See also the mosquitto-tls man page and the "Certificate based SSL/TLS
-    # support" section. Only one of certificate or PSK encryption support can be
-    # enabled for any listener.
-
-    # The psk_hint option enables pre-shared-key support for this listener and also
-    # acts as an identifier for this listener. The hint is sent to clients and may
-    # be used locally to aid authentication. The hint is a free form string that
-    # doesn't have much meaning in itself, so feel free to be creative.
-    # If this option is provided, see psk_file to define the pre-shared keys to be
-    # used or create a security plugin to handle them.
-    #psk_hint
-
-    # When using PSK, the encryption ciphers used will be chosen from the list of
-    # available PSK ciphers. If you want to control which ciphers are available,
-    # use the "ciphers" option.  The list of available ciphers can be obtained
-    # using the "openssl ciphers" command and should be provided in the same format
-    # as the output of that command.
-    #ciphers
-
-    # Set use_identity_as_username to have the psk identity sent by the client used
-    # as its username. Authentication will be carried out using the PSK rather than
-    # the MQTT username/password and so password_file will not be used for this
-    # listener.
-    #use_identity_as_username false
-
-
-    # =================================================================
-    # Extra listeners
+    # Listeners
     # =================================================================
 
     # Listen on a port/ip address combination. By using this variable
@@ -379,8 +213,28 @@ data:
     # interface. By default, mosquitto will listen on all interfaces.
     # Note that for a websockets listener it is not possible to bind to a host
     # name.
-    # listener port-number [ip address/host name]
-    #listener
+    #
+    # On systems that support Unix Domain Sockets, it is also possible
+    # to create a # Unix socket rather than opening a TCP socket. In
+    # this case, the port number should be set to 0 and a unix socket
+    # path must be provided, e.g.
+    # listener 0 /tmp/mosquitto.sock
+    #
+    # listener port-number [ip address/host name/unix socket path]
+    listener {{ .Values.service.port }}
+
+    # By default, a listener will attempt to listen on all supported IP protocol
+    # versions. If you do not have an IPv4 or IPv6 interface you may wish to
+    # disable support for either of those protocol versions. In particular, note
+    # that due to the limitations of the websockets library, it will only ever
+    # attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
+    # if IPv6 is not available.
+    #
+    # Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
+    # force the listener to only use IPv6. If you want support for both IPv4 and
+    # IPv6, then do not use the socket_domain option.
+    #
+    #socket_domain
 
     # Bind the listener to a specific interface. This is similar to
     # the [ip address/host name] part of the listener definition, but is useful
@@ -416,7 +270,7 @@ data:
     # Choose the protocol to use when listening.
     # This can be either mqtt or websockets.
     # Certificate based TLS may be used with websockets, except that only the
-    # cafile, certfile, keyfile and ciphers options are supported.
+    # cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
     #protocol mqtt
 
     # Set use_username_as_clientid to true to replace the clientid that a client
@@ -447,17 +301,8 @@ data:
     # support" section. Only one of certificate or PSK encryption support can be
     # enabled for any listener.
 
-    # At least one of cafile or capath must be defined to enable certificate based
-    # TLS encryption. They both define methods of accessing the PEM encoded
-    # Certificate Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
+    # Both of certfile and keyfile must be defined to enable certificate based
+    # TLS encryption.
 
     # Path to the PEM encoded server certificate.
     #certfile
@@ -465,13 +310,17 @@ data:
     # Path to the PEM encoded keyfile.
     #keyfile
 
-
     # If you wish to control which encryption ciphers are used, use the ciphers
     # option. The list of available ciphers can be optained using the "openssl
     # ciphers" command and should be provided in the same format as the output of
-    # that command.
+    # that command. This applies to TLS 1.2 and earlier versions only. Use
+    # ciphers_tls1.3 for TLS v1.3.
     #ciphers
 
+    # Choose which TLS v1.3 ciphersuites are used for this listener.
+    # Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+    #ciphers_tls1.3
+
     # If you have require_certificate set to true, you can create a certificate
     # revocation list file to revoke access to particular client certificates. If
     # you have done this, use crlfile to point to the PEM encoded revocation file.
@@ -492,6 +341,18 @@ data:
     # outside of the mechanisms provided by MQTT.
     #require_certificate false
 
+    # cafile and capath define methods of accessing the PEM encoded
+    # Certificate Authority certificates that will be considered trusted when
+    # checking incoming client certificates.
+    # cafile defines the path to a file containing the CA certificates.
+    # capath defines a directory that will be searched for files
+    # containing the CA certificates. For capath to work correctly, the
+    # certificate files must have ".crt" as the file ending and you must run
+    # "openssl rehash <path to capath>" each time you add/remove a certificate.
+    #cafile
+    #capath
+
+
     # If require_certificate is true, you may set use_identity_as_username to true
     # to use the CN value from the client certificate as a username. If this is
     # true, the password_file option will not be used for this listener.
@@ -566,9 +427,9 @@ data:
     # the path.
     #persistence_file mosquitto.db
 
-    # Location for persistent database. Must include trailing /
+    # Location for persistent database.
     # Default is an empty string (current directory).
-    # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
+    # Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
     # similar.
     #persistence_location
     {{- if .Values.persistence.enabled }}
@@ -582,7 +443,7 @@ data:
 
     # Places to log to. Use multiple log_dest lines for multiple
     # logging destinations.
-    # Possible destinations are: stdout stderr syslog topic file
+    # Possible destinations are: stdout stderr syslog topic file dlt
     #
     # stdout and stderr log to the console on the named output.
     #
@@ -600,6 +461,9 @@ data:
     # closed and reopened when the broker receives a HUP signal. Only a single file
     # destination may be configured.
     #
+    # The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
+    # This requires that Mosquitto has been compiled with DLT support.
+    #
     # Note that if the broker is running as a Windows service it will default to
     # "log_dest none" and neither stdout nor stderr logging is available.
     # Use "log_dest none" if you wish to disable logging.
@@ -661,12 +525,11 @@ data:
     # false then a password file should be created (see the
     # password_file option) to control authenticated client access.
     #
-    # Defaults to true if no other security options are set. If `password_file` or
-    # `psk_file` is set, or if an authentication plugin is loaded which implements
-    # username/password or TLS-PSK checks, then `allow_anonymous` defaults to
-    # false.
-    #
-    #allow_anonymous true
+    # Defaults to false, unless there are no listeners defined in the configuration
+    # file, in which case it is set to true, but connections are only allowed from
+    # the local machine.
+    #allow_anonymous false
+    allow_anonymous true
 
     # -----------------------------------------------------------------
     # Default authentication and topic access control
@@ -701,13 +564,17 @@ data:
     # comment.
     # Topic access is added with lines of the format:
     #
-    # topic [read|write|readwrite] <topic>
+    # topic [read|write|readwrite|deny] <topic>
     #
-    # The access type is controlled using "read", "write" or "readwrite". This
-    # parameter is optional (unless <topic> contains a space character) - if not
-    # given then the access is read/write.  <topic> can contain the + or #
+    # The access type is controlled using "read", "write", "readwrite" or "deny".
+    # This parameter is optional (unless <topic> contains a space character) - if
+    # not given then the access is read/write.  <topic> can contain the + or #
     # wildcards as in subscriptions.
     #
+    # The "deny" option can used to explicity deny access to a topic that would
+    # otherwise be granted by a broader read/write/readwrite statement. Any "deny"
+    # topics are handled before topics that grant read/write access.
+    #
     # The first set of topics are applied to anonymous clients, assuming
     # allow_anonymous is true. User specific topic ACLs are added after a
     # user line as follows:
@@ -811,6 +678,10 @@ data:
     #address <host>[:<port>] [<host>[:<port>]]
     #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
 
+    # If you need to have the bridge connect over a particular network interface,
+    # use bridge_bind_address to tell the bridge which local IP address the socket
+    # should bind to, e.g. `bridge_bind_address 192.168.1.10`
+    #bridge_bind_address
 
     # If a bridge has topics that have "out" direction, the default behaviour is to
     # send an unsubscribe request to the remote broker on that topic. This means
@@ -821,7 +692,7 @@ data:
     #bridge_attempt_unsubscribe true
 
     # Set the version of the MQTT protocol to use with for this bridge. Can be one
-    # of mqttv311 or mqttv11. Defaults to mqttv311.
+    # of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
     #bridge_protocol_version mqttv311
 
     # Set the clean session variable for this bridge.
@@ -939,6 +810,23 @@ data:
     # properly.
     #try_private true
 
+    # Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
+    # for brokers to tell clients that they do not support retained messages, but
+    # this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
+    # v3.1.1 or v3.1 broker that does not support retained messages, set the
+    # bridge_outgoing_retain option to false. This will remove the retain bit on
+    # all outgoing messages to that bridge, regardless of any other setting.
+    #bridge_outgoing_retain true
+
+    # If you wish to restrict the size of messages sent to a remote bridge, use the
+    # bridge_max_packet_size option. This sets the maximum number of bytes for
+    # the total message, including headers and payload.
+    # Note that MQTT v5 brokers may provide their own maximum-packet-size property.
+    # In this case, the smaller of the two limits will be used.
+    # Set to 0 for "unlimited".
+    #bridge_max_packet_size 0
+
+
     # -----------------------------------------------------------------
     # Certificate based SSL/TLS support
     # -----------------------------------------------------------------

charts/mosquitto/templates/service.yaml

@@ -17,11 +17,11 @@ spec:
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}
   ports:
-    - port: 1883
+    - port: {{ .Values.service.port }}
       targetPort: default
       protocol: TCP
       name: default
-    - port: 9001
+    - port: {{ .Values.service.websocketPort }}
       targetPort: websocket
       protocol: TCP
       name: websocket

charts/mosquitto/values.yaml

@@ -34,6 +34,8 @@ securityContext: {}
 service:
   annotations: {}
   type: ClusterIP
+  port: 1883
+  websocketPort: 9001
   # externalTrafficPolicy:
   # loadBalancerIP:
 

charts/navidrome/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.39.0
 description: Navidrome is an open source web-based music collection server and streamer
 name: navidrome
-version: 2.3.0
+version: 2.3.1
 keywords:
   - navidrome
   - music
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/neolink/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.3.0
 description: Neolink - RTSP bridge to Reolink IP cameras
 name: neolink
-version: 1.1.0
+version: 1.1.1
 keywords:
   - reolink
   - rtsp
@@ -14,4 +14,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/network-ups-tools/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.7.4-2061-g46c7da76
 description: Network UPS Tools is a collection of programs which provide a common interface for monitoring and administering UPS, PDU and SCD hardware.
 name: network-ups-tools
-version: 1.1.0
+version: 1.1.1
 keywords:
   - nut
   - network-ups-tools
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/node-red/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.2.5
 description: Node-RED is low-code programming for event-driven applications
 name: node-red
-version: 5.3.0
+version: 5.3.1
 keywords:
   - nodered
   - node-red
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/nzbget/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v21.0
 description: NZBGet is a Usenet downloader client
 name: nzbget
-version: 7.3.0
+version: 7.3.1
 keywords:
   - nzbget
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/nzbhydra2/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v3.8.1
 description: Usenet meta search
 name: nzbhydra2
-version: 5.3.0
+version: 5.3.1
 keywords:
   - nzbhydra2
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 4.1.0
+version: 4.3.0
 apiVersion: v1
 appVersion: 5.1.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

charts/oauth2-proxy/README.md

@@ -119,6 +119,10 @@ Parameter | Description | Default
 `serviceAccount.name` | the service account name | ``
 `serviceAccount.annotations` | (optional) annotations for the service account | `{}`
 `tolerations` | list of node taints to tolerate | `[]`
+`topologySpreadConstraints.enabled` | enable Kubernetes [topologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `false`
+`topologySpreadConstraints.maxSkew` | the degree to which Pods may be unevenly distributed | `1`
+`topologySpreadConstraints.topologyKey` | the key of node labels | `topology.kubernetes.io/zone`
+`topologySpreadConstraints.whenUnsatisfiable` | how to deal with a Pod if it doesn't satisfy the spread constraint (`DoNotSchedule`, `ScheduleAnyway`) | `DoNotSchedule`
 `securityContext.enabled` | enable Kubernetes security context on container | `false`
 `securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
 `proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`

charts/oauth2-proxy/templates/deployment.yaml

@@ -208,3 +208,15 @@ spec:
     {{- end }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Values.topologySpreadConstraints.enabled }}
+      topologySpreadConstraints:
+      - labelSelector:
+          matchLabels:
+            app: {{ template "oauth2-proxy.name" . }}
+            release: "{{ .Release.Name }}"
+        maxSkew: {{ .Values.topologySpreadConstraints.maxSkew }}
+        topologyKey: {{ .Values.topologySpreadConstraints.topologyKey }}
+        whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/values.yaml

@@ -9,7 +9,7 @@ config:
   # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
   # Example:
   # existingSecret: secret
-  cookieSecret: "XXXXXXXXXX"
+  cookieSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   google: {}
     # adminEmail: xxxx
     # serviceAccountJson: xxxx
@@ -29,8 +29,8 @@ config:
   # existingConfig: config
 
 image:
-  repository: "quay.io/pusher/oauth2_proxy"
-  tag: "v5.1.0"
+  repository: "quay.io/oauth2-proxy/oauth2-proxy"
+  tag: "v6.1.1"
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -186,3 +186,13 @@ htpasswdFile:
   # example:
   # entries:
   #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
+
+## Configure Pod Topology Spread Constraints
+## See https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+## Requires Kubernetes >= v1.16
+topologySpreadConstraints:
+  enabled: false
+  maxSkew: 1
+  # See https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/
+  topologyKey: topology.kubernetes.io/zone
+  whenUnsatisfiable: DoNotSchedule

charts/octoprint/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.4.2
 description: OctoPrint is the snappy web interface for your 3D printer
 name: octoprint
-version: 2.3.0
+version: 2.3.1
 keywords:
   - octoprint
   - 3d
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.681
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 name: ombi
-version: 6.4.0
+version: 7.0.0
 keywords:
   - ombi
   - plex
@@ -21,8 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
-  - name: mariadb
-    version: 9.2.0
-    repository: https://charts.bitnami.com/bitnami
-    condition: mariadb.enabled
+    version: 2.2.1

charts/ombi/values.yaml

@@ -21,16 +21,3 @@ persistence:
   config:
     enabled: false
     emptyDir: false
-
-# Enabled mariadb
-# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/mariadb
-mariadb:
-  enabled: false
-  architecture: standalone
-  auth:
-    database: ombi
-    username: ombi
-    password: ombi
-  primary:
-    persistence:
-      enabled: false

charts/organizr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: HTPC/Homelab Services Organizer
 name: organizr
-version: 3.3.0
+version: 3.3.1
 keywords:
   - organizr
 home: https://github.com/k8s-at-home/charts/tree/master/charts/organizr
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/overseerr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/overseerr/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: Overseerr is a free and open source software application for managing requests for your media library. It integrates with your existing services such as Sonarr, Radarr and Plex!
+name: overseerr
+version: 1.0.0
+keywords:
+  - overseerr
+  - plex
+  - sonarr
+  - radarr
+home: https://github.com/k8s-at-home/charts/tree/master/charts/overseerr
+icon: https://i.imgur.com/TMoEG7g.png
+sources:
+  - https://github.com/sct/overseerr
+  - https://hub.docker.com/r/sctx/overseerr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/overseerr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/overseerr/README.md

@@ -0,0 +1,67 @@
+# Overseerr
+
+This is a helm chart for [Overseerr](https://github.com/sct/overseerr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/overseerr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/overseerr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/overseerr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install overseerr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/overseerr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install overseerr k8s-at-home/overseerr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/overseerr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/overseerr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/overseerr/values.yaml

@@ -0,0 +1,23 @@
+# Default values for Overseerr.
+
+image:
+  repository: sctx/overseerr
+  pullPolicy: IfNotPresent
+  tag: 1.16.0
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 5055
+
+env: {}
+  # TZ: UTC
+  # LOG_LEVEL: info
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /app/config

charts/paperless/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.7.0
 description: Paperless - Index and archive all of your scanned paper documents
 name: paperless
-version: 2.3.0
+version: 2.3.1
 keywords:
   - paperless
 home: https://github.com/k8s-at-home/charts/tree/master/charts/paperless
@@ -14,4 +14,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/photoprism/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "20201122"
 description: PhotoPrism® is a server-based application for browsing, organizing and sharing your personal photo collection
 name: photoprism
-version: 2.3.0
+version: 2.3.1
 keywords:
   - photos
   - photoprism
@@ -19,4 +19,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/piaware/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.0
 description: Program for forwarding ADS-B data to FlightAware
 name: piaware
-version: 4.3.0
+version: 4.3.1
 keywords:
   - piaware
   - flight-aware
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/plex-media-server/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.4.3517-ab5e1197c
 description: Plex Media Server
 name: plex-media-server
-version: 1.3.0
+version: 1.3.1
 keywords:
   - plex
   - plex-media-server
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/plex/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.1.1
+version: 2.3.0
 keywords:
   - plex
 home: https://plex.tv/

charts/plex/templates/deployment.yaml

@@ -191,25 +191,18 @@ spec:
             value: "customCertificateDomain={{.Values.certificate.pkcsMangler.setPlexPreferences.customCertificateDomain}}"
 {{- end }}
 {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
           readinessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+            {{- omit .Values.probes.readiness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+            {{- omit .Values.probes.liveness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
           startupProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+            {{- omit .Values.probes.startup "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           volumeMounts:
           {{- if .Values.persistence.data.enabled }}
           - name: data
@@ -310,6 +303,9 @@ spec:
       - name: {{ .name }}
         persistentVolumeClaim:
           claimName: {{ .claimName }}
+  {{- else if .volume }}
+      - name: {{ .name }}
+        {{- toYaml .volume | nindent 8 }}
   {{- end }}
 {{- end }}
       - name: shared

charts/plex/values.yaml

@@ -223,6 +223,16 @@ persistence:
   #   claimName: optional-claim
   #   mountPath: /mnt/path/in/pod
   #   subPath: optional/sub/path
+  #
+  ## Example using an existing NFS filer directly. Below the 'volume' key all volume types are allowed (eg. nfs, iscsi, hostPath).
+  ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#volume-v1-core for further information
+  # - name: example2
+  #   mountPath: mnt/example2
+  #   volume:
+  #     nfs:
+  #       server: <nfs server fqdn or ip>
+  #       path: <nfs export path>
+  #       readOnly: true
 
   config:
     # Optionally specify claimName to manually override the PVC to be used for
@@ -309,12 +319,24 @@ logging:
 # Probes configuration
 probes:
   liveness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   readiness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   startup:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     initialDelaySeconds: 5
     failureThreshold: 30
     periodSeconds: 10

charts/powerdns/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.3.1
 description: PowerDNS is a DNS server, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases and load balancing/failover algorithms. A DNS recursor is provided as a separate program.
 name: powerdns
-version: 3.0.1
+version: 3.0.2
 home: https://www.powerdns.com/
 sources:
   - http://www.github.com/PowerDNS/

charts/powerdns/templates/deployment.yaml

@@ -94,6 +94,9 @@ spec:
             - name: dns-udp
               containerPort: 53
               protocol: UDP
+            - name: dns-webserver
+              containerPort: 8081
+              protocol: TCP
           {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
             tcpSocket:
@@ -121,13 +124,13 @@ spec:
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "mariadb"}} 3306;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "mariadb"}} 3306; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
 {{- if .Values.postgresql.enabled }}
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "postgresql"}} 5432;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "postgresql"}} 5432; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
           resources:
 {{- toYaml .Values.resources | nindent 12 }}

charts/pyload/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.4.20
 description: pyLoad is a Free and Open Source download manager written in Python and designed to be extremely lightweight, easily extensible and fully manageable via web.
 name: pyload
-version: 2.3.0
+version: 2.3.1
 keywords:
   - pyload
   - download
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/qbittorrent/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.3.0
 description: qBittorrent is a cross-platform free and open-source BitTorrent client
 name: qbittorrent
-version: 7.2.0
+version: 7.2.1
 keywords:
   - qbittorrent
   - torrrent
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/radarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.0.0.3989
 description: A fork of Sonarr to work with movies à la Couchpotato
 name: radarr
-version: 8.3.0
+version: 8.3.1
 keywords:
   - radarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/readarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.0.351
 description: A fork of Radarr to work with Books & AudioBooks
 name: readarr
-version: 1.1.0
+version: 1.1.1
 keywords:
   - readarr
   - torrent
@@ -20,4 +20,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1

charts/recipes/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/recipes/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: 0.13.0
+description: Recipes is a Django application to manage, tag and search recipes using either built in models or external storage providers hosting PDF's, Images or other files.
+name: recipes
+version: 2.2.2
+keywords:
+  - recipes
+  - cooking
+home: https://github.com/k8s-at-home/charts/tree/master/charts/recipes
+sources:
+  - https://github.com/vabene1111/recipes
+  - https://hub.docker.com/r/vabene1111/recipes
+maintainers:
+  - name: auricom
+    email: k8s-at-home@xpander.eml.cc
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/recipes/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- auricom
+reviewers:
+- auricom

charts/recipes/README.md

@@ -0,0 +1,89 @@
+# Recipes
+
+This is a helm chart for [Recipes](https://github.com/vabene1111/recipes).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/recipes
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/recipes
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the recipes chart and their default values that have to be overriden.
+
+| Parameter                            | Description                                                                                 | Default                                     |
+| -------------------------------------| ------------------------------------------------------------------------------------------- | ------------------------------------------- |
+| `env.DEBUG`                          | Only set this to true when testing/debugging                                                | `0`                                         |
+| `env.ALLOWED_HOSTS`                  | Hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...      | `*`                                         |
+| `env.SECRET_KEY`                     | Random secret key, use for example `openssl rand -base64 24` to generate one                | `changeme`                                  |
+| `env.TIMEZONE`                       | Your default timezone                                                                       | `America/New_York`                          |
+| `env.DB_ENGINE`                      | Database connector                                                                          | `django.db.backends.postgresql_psycopg2`    |
+| `env.POSTGRES_HOST`                  | External PostreSQL hostname                                                                 |                                             |
+| `env.POSTGRES_PORT`                  | External PostreSQL port                                                                     |                                             |
+| `env.POSTGRES_USER`                  | External PostreSQL user                                                                     |                                             |
+| `env.POSTGRES_DB`                    | External PostreSQL database name                                                            |                                             |
+| `env.POSTGRES_PASSWORD`              | External PostreSQL database password                                                        |                                             |
+| `env.GUNICORN_MEDIA`                 | Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this.     | `0`                                         |
+| `env.FRACTION_PREF_DEFAULT`          | Enable/disable fraction support                                                             | `0`                                         |
+| `env.COMMENT_PREF_DEFAULT`           | Enable/disable commenting system                                                            | `1`                                         |
+| `env.SHOPPING_MIN_AUTOSYNC_INTERVAL` | Amount of time after which the shopping list is refreshed when they are in viewing mode     | `5`                                         |
+
+You can add more environment variables, read through Recipes [.env.template](https://github.com/vabene1111/recipes/blob/master/.env.template)
+
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/recipes/values.yaml)
+file.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install recipes \
+  --set env.POSTGRES_HOST="postgresql.domain" \
+    k8s-at-home/recipes
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install recipes k8s-at-home/recipes --values values.yaml
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.0.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/recipes/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/recipes/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/recipes/templates/configmap.yaml

@@ -0,0 +1,35 @@
+
+{{/*
+Recipes Configuration files.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "recipes-config"
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  nginx-config: |-
+    events {
+      worker_connections 1024;
+    }
+    http {
+      server {
+        listen 80;
+        server_name _;
+        client_max_body_size 16M;
+        # serve media files
+        location /media/ {
+          alias /media/;
+        }
+        # serve static files
+        location /static/ {
+          alias /static/;
+        }
+        # pass requests for dynamic content to gunicorn
+        location / {
+          proxy_set_header Host $host;
+          proxy_pass http://localhost:8080;
+        }
+      }
+    }

charts/recipes/values.yaml

@@ -0,0 +1,89 @@
+# Default values for Recipes.
+
+image:
+  repository: vabene1111/recipes
+  pullPolicy: IfNotPresent
+  tag: 0.13.0
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+env:
+  DEBUG: "0"
+  ALLOWED_HOSTS: "*"
+  SECRET_KEY: changeme
+  DB_ENGINE: django.db.backends.sqlite3
+  POSTGRES_HOST:
+  POSTGRES_PORT:
+  POSTGRES_USER:
+  POSTGRES_DB:
+  POSTGRES_PASSWORD:
+  GUNICORN_MEDIA: "0"
+  TIMEZONE: America/New_York
+  FRACTION_PREF_DEFAULT: "0"
+  COMMENT_PREF_DEFAULT: "1"
+  SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"
+
+persistence:
+  config:
+    enabled: false
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /opt/recipes/mediafiles
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+  static:
+    enabled: false
+    emptyDir: false
+    mountPath: /opt/recipes/staticfiles
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+additionalContainers:
+- name: nginx
+  image: nginx:1.19.6
+  ports:
+    - containerPort: 80
+      name: http
+  volumeMounts:
+  ##
+  ## If persistent volumes are enabled ; please uncomment the following lines
+  ##
+  # - name: media
+  #   mountPath: '/media'
+  # - name: static
+  #   mountPath: '/static'
+  - name: recipes-config
+    mountPath: /etc/nginx/nginx.conf
+    subPath: nginx-config
+    readOnly: true
+
+additionalVolumes:
+- name: recipes-config
+  configMap:
+    name: recipes-config

charts/resilio-sync/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.7.2
 description: Resilio Sync is a fast, reliable, and simple file sync and share solution, powered by P2P technology
 name: resilio-sync
-version: 1.1.0
+version: 1.1.1
 keywords:
   - resilio
   - sync
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.2.1